fix(ledger): guard againt int overflows (#901)

Signed-off-by: Chris Gianelloni <[email protected]>

Author: wolf31o2

ledger/allegra/allegra.go

@@ -98,6 +98,7 @@ func (b *AllegraBlock) Era() common.Era {
 
 func (b *AllegraBlock) Transactions() []common.Transaction {
 	ret := make([]common.Transaction, len(b.TransactionBodies))
+	// #nosec G115
 	for idx := range b.TransactionBodies {
 		ret[idx] = &AllegraTransaction{
 			Body:       b.TransactionBodies[idx],

ledger/alonzo/alonzo.go

@@ -106,6 +106,7 @@ func (b *AlonzoBlock) Transactions() []common.Transaction {
 	}
 
 	ret := make([]common.Transaction, len(b.TransactionBodies))
+	// #nosec G115
 	for idx := range b.TransactionBodies {
 		ret[idx] = &AlonzoTransaction{
 			Body:       b.TransactionBodies[idx],

ledger/alonzo/pparams.go

@@ -1,4 +1,4 @@
-// Copyright 2024 Blink Labs Software
+// Copyright 2025 Blink Labs Software
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -15,10 +15,13 @@
 package alonzo
 
 import (
+	"math"
+
+	cardano "github.com/utxorpc/go-codegen/utxorpc/v1alpha/cardano"
+
 	"github.com/blinklabs-io/gouroboros/cbor"
 	"github.com/blinklabs-io/gouroboros/ledger/common"
 	"github.com/blinklabs-io/gouroboros/ledger/mary"
-	"github.com/utxorpc/go-codegen/utxorpc/v1alpha/cardano"
 )
 
 type AlonzoProtocolParameters struct {
@@ -115,6 +118,33 @@ func (u *AlonzoProtocolParameterUpdate) UnmarshalCBOR(data []byte) error {
 }
 
 func (p *AlonzoProtocolParameters) Utxorpc() *cardano.PParams {
+	// sanity check
+	if p.A0.Num().Int64() > math.MaxInt32 ||
+		p.A0.Denom().Int64() < 0 ||
+		p.A0.Denom().Int64() > math.MaxUint32 {
+			return nil
+	}
+	if p.Rho.Num().Int64() > math.MaxInt32 ||
+		p.Rho.Denom().Int64() < 0 ||
+		p.Rho.Denom().Int64() > math.MaxUint32 {
+			return nil
+	}
+	if p.Tau.Num().Int64() > math.MaxInt32 ||
+		p.Tau.Denom().Int64() < 0 ||
+		p.Tau.Denom().Int64() > math.MaxUint32 {
+			return nil
+	}
+	if p.ExecutionCosts.MemPrice.Num().Int64() > math.MaxInt32 ||
+		p.ExecutionCosts.MemPrice.Denom().Int64() < 0 ||
+		p.ExecutionCosts.MemPrice.Denom().Int64() > math.MaxUint32 {
+			return nil
+	}
+	if p.ExecutionCosts.StepPrice.Num().Int64() > math.MaxInt32 ||
+		p.ExecutionCosts.StepPrice.Denom().Int64() < 0 ||
+		p.ExecutionCosts.StepPrice.Denom().Int64() > math.MaxUint32 {
+			return nil
+	}
+	// #nosec G115
 	return &cardano.PParams{
 		CoinsPerUtxoByte:         p.AdaPerUtxoByte,
 		MaxTxSize:                uint64(p.MaxTxSize),

ledger/babbage/babbage.go

@@ -107,6 +107,7 @@ func (b *BabbageBlock) Transactions() []common.Transaction {
 	}
 
 	ret := make([]common.Transaction, len(b.TransactionBodies))
+	// #nosec G115
 	for idx := range b.TransactionBodies {
 		ret[idx] = &BabbageTransaction{
 			Body:       b.TransactionBodies[idx],

ledger/babbage/pparams.go

@@ -1,4 +1,4 @@
-// Copyright 2024 Blink Labs Software
+// Copyright 2025 Blink Labs Software
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -15,10 +15,13 @@
 package babbage
 
 import (
+	"math"
+
+	cardano "github.com/utxorpc/go-codegen/utxorpc/v1alpha/cardano"
+
 	"github.com/blinklabs-io/gouroboros/cbor"
 	"github.com/blinklabs-io/gouroboros/ledger/alonzo"
 	"github.com/blinklabs-io/gouroboros/ledger/common"
-	"github.com/utxorpc/go-codegen/utxorpc/v1alpha/cardano"
 )
 
 // BabbageProtocolParameters represents the current Babbage protocol parameters as seen in local-state-query
@@ -154,6 +157,33 @@ func (u *BabbageProtocolParameterUpdate) UnmarshalCBOR(data []byte) error {
 }
 
 func (p *BabbageProtocolParameters) Utxorpc() *cardano.PParams {
+	// sanity check
+	if p.A0.Num().Int64() > math.MaxInt32 ||
+		p.A0.Denom().Int64() < 0 ||
+		p.A0.Denom().Int64() > math.MaxUint32 {
+			return nil
+	}
+	if p.Rho.Num().Int64() > math.MaxInt32 ||
+		p.Rho.Denom().Int64() < 0 ||
+		p.Rho.Denom().Int64() > math.MaxUint32 {
+			return nil
+	}
+	if p.Tau.Num().Int64() > math.MaxInt32 ||
+		p.Tau.Denom().Int64() < 0 ||
+		p.Tau.Denom().Int64() > math.MaxUint32 {
+			return nil
+	}
+	if p.ExecutionCosts.MemPrice.Num().Int64() > math.MaxInt32 ||
+		p.ExecutionCosts.MemPrice.Denom().Int64() < 0 ||
+		p.ExecutionCosts.MemPrice.Denom().Int64() > math.MaxUint32 {
+			return nil
+	}
+	if p.ExecutionCosts.StepPrice.Num().Int64() > math.MaxInt32 ||
+		p.ExecutionCosts.StepPrice.Denom().Int64() < 0 ||
+		p.ExecutionCosts.StepPrice.Denom().Int64() > math.MaxUint32 {
+			return nil
+	}
+	// #nosec G115
 	return &cardano.PParams{
 		CoinsPerUtxoByte:         p.AdaPerUtxoByte,
 		MaxTxSize:                uint64(p.MaxTxSize),

ledger/byron/byron.go

@@ -1,4 +1,4 @@
-// Copyright 2024 Blink Labs Software
+// Copyright 2025 Blink Labs Software
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -17,6 +17,7 @@ package byron
 import (
 	"encoding/hex"
 	"fmt"
+	"math"
 
 	"github.com/blinklabs-io/gouroboros/cbor"
 	"github.com/blinklabs-io/gouroboros/ledger/common"
@@ -314,6 +315,9 @@ func NewByronTransactionInput(hash string, idx int) ByronTransactionInput {
 	if err != nil {
 		panic(fmt.Sprintf("failed to decode transaction hash: %s", err))
 	}
+	if idx < 0 || idx > math.MaxUint32 {
+		panic("index out of range")
+	}
 	return ByronTransactionInput{
 		TxId:        common.Blake2b256(tmpHash),
 		OutputIndex: uint32(idx),

ledger/common/certs.go

@@ -102,7 +102,8 @@ func (c *CertificateWrapper) UnmarshalCBOR(data []byte) error {
 	if _, err := cbor.Decode(data, tmpCert); err != nil {
 		return err
 	}
-	c.Type = uint(certType)
+	// certType is known within uint range
+	c.Type = uint(certType) // #nosec G115
 	c.Certificate = tmpCert
 	return nil
 }
@@ -355,6 +356,7 @@ func (c *PoolRegistrationCertificate) Utxorpc() *utxorpc.Certificate {
 				VrfKeyhash: c.VrfKeyHash[:],
 				Pledge:     c.Pledge,
 				Cost:       c.Cost,
+				// #nosec G115
 				Margin: &utxorpc.RationalNumber{
 					Numerator:   int32(c.Margin.Num().Int64()),
 					Denominator: uint32(c.Margin.Denom().Uint64()),
@@ -484,13 +486,17 @@ func (c *MoveInstantaneousRewardsCertificate) Utxorpc() *utxorpc.Certificate {
 			tmpMirTargets,
 			&utxorpc.MirTarget{
 				StakeCredential: stakeCred.Utxorpc(),
-				DeltaCoin:       int64(deltaCoin),
+				// potential integer overflow
+				// #nosec G115
+				DeltaCoin: int64(deltaCoin),
 			},
 		)
 	}
 	return &utxorpc.Certificate{
 		Certificate: &utxorpc.Certificate_MirCert{
 			MirCert: &utxorpc.MirCert{
+				// potential integer overflow
+				// #nosec G115
 				From:     utxorpc.MirSource(c.Reward.Source),
 				To:       tmpMirTargets,
 				OtherPot: c.Reward.OtherPot,

ledger/common/gov.go

@@ -113,7 +113,8 @@ func (g *GovActionWrapper) UnmarshalCBOR(data []byte) error {
 	if _, err := cbor.Decode(data, tmpAction); err != nil {
 		return err
 	}
-	g.Type = uint(actionType)
+	// action type is known within uint range
+	g.Type = uint(actionType) // #nosec G115
 	g.Action = tmpAction
 	return nil
 }

ledger/common/nonce.go

@@ -38,9 +38,8 @@ func (n *Nonce) UnmarshalCBOR(data []byte) error {
 	if err != nil {
 		return err
 	}
-
-	n.Type = uint(nonceType)
-
+	// nonce type is known within uint range
+	n.Type = uint(nonceType) // #nosec G115
 	switch nonceType {
 	case NonceTypeNeutral:
 		// Value uses default value

ledger/conway/conway.go

@@ -106,6 +106,7 @@ func (b *ConwayBlock) Transactions() []common.Transaction {
 	}
 
 	ret := make([]common.Transaction, len(b.TransactionBodies))
+	// #nosec G115
 	for idx := range b.TransactionBodies {
 		ret[idx] = &ConwayTransaction{
 			Body:       b.TransactionBodies[idx],